loggly
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
@membranehq/clipackage from the official NPM registry. This is a legitimate tool provided by the vendor (membranedev) for interacting with the Membrane platform services.\n- [COMMAND_EXECUTION]: The skill documents the use of themembraneCLI for operational tasks including authentication (membrane login), connection management (membrane connect), and executing API actions (membrane action run). These commands are essential for the skill's functionality and use the vendor's managed infrastructure.\n- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it is designed to retrieve and process log data from external sources (Loggly) which could contain malicious instructions designed to influence the agent.\n - Ingestion points: API responses and log records retrieved via
membrane action runandmembrane requestas described inSKILL.md.\n - Boundary markers: None identified in the skill instructions.\n
- Capability inventory: The agent has the capability to execute shell commands via the
membraneCLI and perform network requests via the platform proxy.\n - Sanitization: No explicit sanitization or filtering of the external log content is described in the integration steps.
Audit Metadata